
Commit 7861231

committed
Merge branch 'master' into VED-80-id-sync-sqs
2 parents 64988e5 + d97be80 commit 7861231


14 files changed

+289
-117
lines changed


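--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -71,7 +71,6 @@ updates:
 directories:
 - "/grafana/non-prod/terraform"
 - "/infra"
-- "/mesh-infra"
 - "/terraform"
 - "/terraform_aws_backup/**"
 schedule: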

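--- a/README.md
+++ b/README.md
@@ -45,7 +45,6 @@ See https://nhsd-confluence.digital.nhs.uk/display/APM/Glossary.
 | `terraform_old` | Old tf code used to create INT to mimic prod. |
 | `terraform_sandbox` | Sandbox environment for testing infrastructure changes. |
 | `terraform_aws_backup` | Streamlined backup processing with AWS. |
-| `mesh-infra` | Infrastructure setup for Imms batch MESH integration. |
 | `proxies` | Apigee API proxy definitions. |
 ---
 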

infra/.terraform.lock.hcl

Lines changed: 78 additions & 17 deletions

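--- a/infra/endpoints.tf
+++ b/infra/endpoints.tf
@@ -37,14 +37,23 @@ resource "aws_security_group" "lambda_redis_sg" {
 protocol = "-1"
 self = true
 }
+
+egress {
+description = "HTTPS outbound for PDS callout"
+cidr_blocks = ["0.0.0.0/0"]
+from_port = 443
+to_port = 443
+protocol = "tcp"
+self = false
+}
 }
 
 resource "aws_vpc_endpoint" "sqs_endpoint" {
 vpc_id = aws_vpc.default.id
 service_name = "com.amazonaws.${var.aws_region}.sqs"
 vpc_endpoint_type = "Interface"
 
-subnet_ids = values(aws_subnet.default_subnets)[*].id
+subnet_ids = values(aws_subnet.private)[*].id
 security_group_ids = [aws_security_group.lambda_redis_sg.id]
 private_dns_enabled = true
 
@@ -74,7 +83,7 @@ resource "aws_vpc_endpoint" "s3_endpoint" {
 vpc_id = aws_vpc.default.id
 service_name = "com.amazonaws.${var.aws_region}.s3"
 
-route_table_ids = [aws_route_table.default.id]
+route_table_ids = [aws_route_table.private.id]
 
 policy = jsonencode({
 Version = "2012-10-17",
@@ -105,7 +114,7 @@ resource "aws_vpc_endpoint" "kinesis_endpoint" {
 service_name = "com.amazonaws.${var.aws_region}.kinesis-firehose"
 vpc_endpoint_type = "Interface"
 
-subnet_ids = values(aws_subnet.default_subnets)[*].id
+subnet_ids = values(aws_subnet.private)[*].id
 security_group_ids = [aws_security_group.lambda_redis_sg.id]
 private_dns_enabled = true
 
@@ -135,7 +144,7 @@ resource "aws_vpc_endpoint" "dynamodb" {
 vpc_id = aws_vpc.default.id
 service_name = "com.amazonaws.${var.aws_region}.dynamodb"
 
-route_table_ids = [aws_route_table.default.id]
+route_table_ids = [aws_route_table.private.id]
 
 tags = {
 Name = "immunisation-dynamo-endpoint"
@@ -147,7 +156,7 @@ resource "aws_vpc_endpoint" "ecr_api" {
 service_name = "com.amazonaws.${var.aws_region}.ecr.api"
 vpc_endpoint_type = "Interface"
 
-subnet_ids = values(aws_subnet.default_subnets)[*].id
+subnet_ids = values(aws_subnet.private)[*].id
 security_group_ids = [aws_security_group.lambda_redis_sg.id]
 private_dns_enabled = true
 tags = {
@@ -160,7 +169,7 @@ resource "aws_vpc_endpoint" "ecr_dkr" {
 service_name = "com.amazonaws.${var.aws_region}.ecr.dkr"
 vpc_endpoint_type = "Interface"
 
-subnet_ids = values(aws_subnet.default_subnets)[*].id
+subnet_ids = values(aws_subnet.private)[*].id
 security_group_ids = [aws_security_group.lambda_redis_sg.id]
 private_dns_enabled = true
 tags = {
@@ -173,7 +182,7 @@ resource "aws_vpc_endpoint" "cloud_watch" {
 service_name = "com.amazonaws.${var.aws_region}.logs"
 vpc_endpoint_type = "Interface"
 
-subnet_ids = values(aws_subnet.default_subnets)[*].id
+subnet_ids = values(aws_subnet.private)[*].id
 security_group_ids = [aws_security_group.lambda_redis_sg.id]
 private_dns_enabled = true
 tags = {
@@ -187,7 +196,7 @@ resource "aws_vpc_endpoint" "kinesis_stream_endpoint" {
 service_name = "com.amazonaws.${var.aws_region}.kinesis-streams"
 vpc_endpoint_type = "Interface"
 
-subnet_ids = values(aws_subnet.default_subnets)[*].id
+subnet_ids = values(aws_subnet.private)[*].id
 security_group_ids = [aws_security_group.lambda_redis_sg.id]
 private_dns_enabled = true
 
@@ -220,7 +229,7 @@ resource "aws_vpc_endpoint" "kms_endpoint" {
 service_name = "com.amazonaws.${var.aws_region}.kms"
 vpc_endpoint_type = "Interface"
 
-subnet_ids = values(aws_subnet.default_subnets)[*].id
+subnet_ids = values(aws_subnet.private)[*].id
 security_group_ids = [aws_security_group.lambda_redis_sg.id]
 private_dns_enabled = true
 
@@ -255,7 +264,7 @@ resource "aws_vpc_endpoint" "lambda_endpoint" {
 service_name = "com.amazonaws.${var.aws_region}.lambda"
 vpc_endpoint_type = "Interface"
 
-subnet_ids = values(aws_subnet.default_subnets)[*].id
+subnet_ids = values(aws_subnet.private)[*].id
 security_group_ids = [aws_security_group.lambda_redis_sg.id]
 private_dns_enabled = true
 tags = {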
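Review bot: The new egress block at new lines 41-48 allows TCP 443 to `0.0.0.0/0` on `lambda_redis_sg`, and this same file attaches that group to every interface endpoint (sqs, kinesis, ecr, logs, kms, lambda) and, by its name, presumably to the Lambda ENIs, so the allowance is much wider than the single PDS callout the description names. If the PDS hostnames resolve to a stable address set, narrow `cidr_blocks` to it or to a managed prefix list, or move the rule to a dedicated security group attached only to the Lambda that makes the call; `self = false` is the default and can be dropped. Whether `aws_subnet.private`, which this commit switches the endpoints to, has a route to the internet is not visible here, so confirm the callout actually works via NAT before relying on this rule. The enclosing `aws_security_group` block starts outside the hunk.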

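--- a/infra/environments/int/variables.tfvars
+++ b/infra/environments/int/variables.tfvars
@@ -7,3 +7,5 @@ dspp_admin_role = "root"
 environment = "int"
 parent_route53_zone_name = "int.vds.platform.nhs.uk"
 child_route53_zone_name = "imms.int.vds.platform.nhs.uk"
+mesh_mailbox_id = "X26OT303"
+mesh_dlq_mailbox_id = "X26OT304"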

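--- a/infra/environments/non-prod/variables.tfvars
+++ b/infra/environments/non-prod/variables.tfvars
@@ -7,3 +7,8 @@ dspp_admin_role = "root"
 environment = "dev"
 parent_route53_zone_name = "dev.vds.platform.nhs.uk"
 child_route53_zone_name = "imms.dev.vds.platform.nhs.uk"
+# TODO - null these out once we're using the int account
+# mesh_mailbox_id = null
+# mesh_dlq_mailbox_id = null
+mesh_mailbox_id = "X26OT303"
+mesh_dlq_mailbox_id = "X26OT304"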
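Review bot: The dev environment is given the same `mesh_mailbox_id` (`"X26OT303"`) and `mesh_dlq_mailbox_id` (`"X26OT304"`) as int in infra/environments/int/variables.tfvars, so once both are deployed two environments will poll and acknowledge the same mailbox and either can consume messages intended for the other. The TODO marks this as temporary; until the int account is in use, consider leaving the dev values at `null`, which keeps `module "mesh"` from being created there since its `count` keys on a non-null `var.mesh_mailbox_id`, and track the TODO in the ticket so the shared ids are not left in place. Note that the inline TODO proposes `null` and the prod tfvars already use `null` for the DLQ mailbox, so that pattern is established.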

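--- a/infra/environments/prod/variables.tfvars
+++ b/infra/environments/prod/variables.tfvars
@@ -7,3 +7,5 @@ dspp_admin_role = "root"
 environment = "prod"
 parent_route53_zone_name = "prod.vds.platform.nhs.uk"
 child_route53_zone_name = "imms.prod.vds.platform.nhs.uk"
+mesh_mailbox_id = "X26HC138"
+mesh_dlq_mailbox_id = null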

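--- /dev/null
+++ b/infra/mesh.tf
@@ -0,0 +1,15 @@
+# MESH Client Module - conditionally created based on environment configuration
+module "mesh" {
+count = var.mesh_mailbox_id != null ? 1 : 0
+source = "git::https://github.com/nhsdigital/terraform-aws-mesh-client.git//module?ref=v2.1.5"
+
+name_prefix = "imms-${var.environment}"
+account_id = var.imms_account_id
+mesh_env = var.environment == "prod"? "production" : "integration"
+subnet_ids = toset([])
+mailbox_ids = [var.mesh_mailbox_id]
+
+compress_threshold = 1 * 1024 * 1024
+get_message_max_concurrency = 10
+handshake_schedule = "rate(24 hours)"
+}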
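Review bot: The module `source` at new line 4 is pinned to a git tag (`ref=v2.1.5`), and a tag on a remote repository can be moved, so the code applied later is not guaranteed to be the code reviewed now; pin to the commit the tag currently resolves to, `source = "git::https://github.com/nhsdigital/terraform-aws-mesh-client.git//module?ref=<commit-sha>"`, with a comment recording the tag it corresponds to. `mesh_dlq_mailbox_id` is set in all three tfvars files but is not passed into this module (only `mailbox_ids = [var.mesh_mailbox_id]`), so it is either consumed somewhere outside this diff or currently unused, which is worth confirming. `subnet_ids = toset([])` hands the module no VPC subnets, which reads as deliberate but deserves a one-line comment stating that the MESH client is intended to run outside the VPC. Minor: `mesh_env = var.environment == "prod" ? "production" : "integration"` is how terraform fmt would space the conditional.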
